e-Infrastructure and e-Services for Developing Countries. 9th International Conference, AFRICOMM 2017, Lagos, Nigeria, December 11-12, 2017, Proceedings

Research Article

The State of e-Government Security in South Africa: Analysing the National Information Security Policy

Download
257 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-98827-6_3,
        author={Bukelwa Ngoqo and Kennedy Njenga},
        title={The State of e-Government Security in South Africa: Analysing the National Information Security Policy},
        proceedings={e-Infrastructure and e-Services for Developing Countries. 9th International Conference, AFRICOMM 2017, Lagos, Nigeria, December 11-12, 2017, Proceedings},
        proceedings_a={AFRICOMM},
        year={2018},
        month={8},
        keywords={National information security Information security policy e-Government Information security legislation Security controls},
        doi={10.1007/978-3-319-98827-6_3}
    }
    
  • Bukelwa Ngoqo
    Kennedy Njenga
    Year: 2018
    The State of e-Government Security in South Africa: Analysing the National Information Security Policy
    AFRICOMM
    Springer
    DOI: 10.1007/978-3-319-98827-6_3
Bukelwa Ngoqo1,*, Kennedy Njenga1,*
  • 1: University of Johannesburg
*Contact email: bukelwa.ngoqo@gmail.com, knjenga@uj.ac.za

Abstract

As a result of the growing reliance by public sector organisations on technological resources for capturing and processing information, protection of information in the public sector has become an issue of national concern. While considering the South African national strategy for protecting this state asset (‘information’) this paper contrasts existing local, provincial or national e-Government information security policies against the adopted national guidelines. The paper postulates that with sound policies and guidelines in place ‘interpretation and application’ remain as two barriers that pose a threat to state information. The main question addressed in this paper is whether e-Government information security policies adequately address prescribed key security components. To achieve a comprehensive understanding of the pillars underpinning the protection of national information security in South Africa, the authors followed systematic procedures for reviewing and evaluating existing e-Government information security policies. The objective of this paper is to investigate whether existing government information security policies are aligned to national policy or guidelines. This paper will contribute empirical evidence which supports the notion observed by the South African Auditor General that (Auditor-General 2012) security weaknesses in government departments and state entities are attributed to the lack of formally designed and implemented information security policies and standards. The results of this preliminary investigation indicate that although information security policies exist in the majority of state entities, there is no consistency in the application of the ‘security controls’, as outlined in the national guidelines.